lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <29b33c18-f123-4656-8507-406c87a12ec8@app.fastmail.com>
Date: Tue, 07 May 2024 22:48:26 +0200
From: "Arnd Bergmann" <arnd@...db.de>
To: "Thorsten Blum" <thorsten.blum@...lux.com>,
 "Srinivas Kandagatla" <srinivas.kandagatla@...aro.org>,
 "Amol Maheshwari" <amahesh@....qualcomm.com>,
 "Greg Kroah-Hartman" <gregkh@...uxfoundation.org>
Cc: linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] misc: fastrpc: Use memdup_user()

On Tue, May 7, 2024, at 22:12, Thorsten Blum wrote:
> Switching to memdup_user() overwrites the allocated memory only once,
> whereas kzalloc() followed by copy_from_user() initializes the allocated
> memory to zero and then immediately overwrites it.
>
> Fixes the following Coccinelle/coccicheck warning reported by
> memdup_user.cocci:
>
> 	WARNING opportunity for memdup_user
>
> Signed-off-by: Thorsten Blum <thorsten.blum@...lux.com>

The patch looks correct to me.

> ---
>  drivers/misc/fastrpc.c | 11 +++--------
>  1 file changed, 3 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
> index 4c67e2c5a82e..2857cddaf812 100644
> --- a/drivers/misc/fastrpc.c
> +++ b/drivers/misc/fastrpc.c
> @@ -1259,17 +1259,12 @@ static int 
> fastrpc_init_create_static_process(struct fastrpc_user *fl,
>  		goto err;
>  	}
> 
> -	name = kzalloc(init.namelen, GFP_KERNEL);
> -	if (!name) {
> -		err = -ENOMEM;
> +	name = memdup_user((void __user *)(uintptr_t)init.name, init.namelen);
> +	if (IS_ERR(name)) {
> +		err = PTR_ERR(name);
>  		goto err;
>  	}

There is also a chance to simplify this further using u64_to_user_ptr()
instead of the double cast if you want.

Acked-by: Arnd Bergmann <arnd@...db.de>

      Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ